According to Computerworld, the flaw was reported by Steven Abbagnaro, a student at Marist College, who has written proof-of-concept code that scrapes publicly available data from users' Facebook pages and then deletes all of a victim's contacts, one by one.